RIM fixes critical BlackBerry bug
PDF flaw now patched.
By Gregg Keizer, Computerworld (US online) | Published: 09:20, 21 July 2008
RIM has patched a critical bug in its BlackBerry Enterprise Server (BES) to stymie hackers hoping to break into company networks by tricking users of the popular smart phone into opening rigged PDFs.
The fix, which was delivered in several separate updates to BES, addressed a security vulnerability in the PDF distiller component of the BlackBerry Attachment Service, which runs on the BES. RIM first disclosed the flaw last week, but the bug gained attention last week when the US Computer Emergency Readiness Team (US-CERT) posted an alert.
Attackers could exploit the vulnerability by getting BlackBerry users to open malicious PDF files attached to email messages. Successful exploits would compromise servers running BES, not individual BlackBerry devices, RIM said in security advisories first published 10 July.
A RIM spokeswoman said that the company had received no reports of attacks and that updates were now available for BES.
Enterprise administrators can update to BES version 4.1 Service Pack 6 (4.1.6) for Microsoft Exchange and IBM Lotus Domino, RIM said in a revised advisory. An update to BES for Novell GroupWise pegged as 4.1.4 also patches the problem.
Administrators running editions of BES older then versions 4.1.6, or 4.1.4 for GroupWise, can instead apply one of several interim security updates posted on RIM's download site.
Previously, RIM had updated the BlackBerry Unite software that users run on their smart phones to patch the problem on the client side.
